Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Soccnx11 Two wrongs don't make a right - Troubleshooting Connections

Curious on how to make your Connections environment run smoothly while reducing support effort? Need help debugging and getting to the core of some Connections challenges? Join Nico and Terri to find out how to resolve common issues, learn troubleshooting basics and other useful knowledge to ensure an efficient Connections on-premises environment. Level up your debugging skills while learning more about backend topics such as IBM Spectrum CfC, DB2, TDI, SSO, Directory and integrations like Docs, CCM, Cognos, FEB or Orient Me. Walk away with Connections best practice tips and tricks to help you provide steady and efficient social capabilities!

WebSphere Application servers can securely communicate using the Lightweight Third Party Authentication (LTPA) protocol, which supports forwardable credentials and single sign-on (SSO). Connections has been taking advantages on SSO feature provided using LTPA by WebSphere Application Server.

WebSphere Application servers can securely communicate using the Lightweight Third Party Authentication (LTPA) protocol, which supports forwardable credentials and single sign-on (SSO). Connections has been taking advantages on SSO feature provided using LTPA by WebSphere Application Server.

8.
Social Connections 11 Chicago, June 1-2 2017
Be aware of the big picture
• Client-side problems
• Debug in different Browsers (IE, FF, Chrome)
• Do not use a server IE
• Server-side: IBM Connections is based on
many components
• debug on “high level” first
• get an overview which backend service is causing
the error

34.
Social Connections 11 Chicago, June 1-2 2017
Troubleshooting: Enable Logging
• Track all basic Waltz configuration settings and transactions.
• com.ibm.connections.directory.services.*=all
• Track all LDAP transactions in between Waltz & LDAP server(s).
• WaltzLDAPUsage=all
• Track all LDAP entry to be cached and hit from cache upon DN of LDAP entries.
• WaltzDNEntryCache=all
• Track all LDAP entry to be cached and hit from cache upon ID of LDAP entries.
• WaltzExactIDMatchCache=all
• Track all group membership (a list of groups) for a given user upon ID.
• WaltzGroupMembershipCache=all
• Track all members (a list of users) for a given
group upon ID.
• WaltzMemberExpansionCache=all
TIP: Save runtime changes to make changes persistent

37.
Social Connections 11 Chicago, June 1-2 2017
EJPVJ9284E: Unable to get the groups
from the directory for the user…
• User was not able to access Connections
anymore
• WAS LDAP bind user had no read access
to one of the groups the user was member

40.
Social Connections 11 Chicago, June 1-2 2017
Waltz Cache: Changing Group
Membership/permissions remains in Waltz Cache
• Issue: Administrator changes access or Group
membership for a user. That user does not get
immediate access.
• Cache: Connection's Directory Services keeps a “list” of
directory objects it has already searched for performance
reasons
● Improves performance of connections services
● Reduces load on remote directory servers
● Cache is based on a timing mechanism
● Cache is "flushed and renewed" on a 12 hour time schedule

41.
Social Connections 11 Chicago, June 1-2 2017
Tuning the Cache: Continued
• How does this affect Group Membership?
● Group membership exists in the cache for 12 hours
● Operations such as renaming, deleting, or updating groups remain
in the cache for that time
• Configuration parameter for cache timing
mechanism
● Enables Connections administrators to flush the cache in
configurable time increments
● Set cache parameter via JVM arguments to flush them (we'll get to
that!)
● Default remains 12 hours